In an era where digital connectivity underpins every facet of society, securing networks has become crucial. Organisations and consumers face a wave of sophisticated cyber threats ranging from AI-driven attacks to nation-state espionage, while simultaneously navigating stringent compliance demands and the huge costs of data breaches. As networks extend across cloud platforms, remote work set-ups and internet of things (IoT) devices, traditional perimeter protection no longer suffices. This increased vulnerability makes network security more critical than ever, both to tackle these threats and to protect consumer interests while maximising operational efficiency.
Network security considerations
Modern network security requires a unified, cloud-centric approach to protect widely distributed users and data. One of the leading frameworks addressing this need is secure access service edge (SASE), which converges networking and security functions into a single cloud-based platform. SASE integrates capabilities such as software-defined wide area network, secure web gateways, cloud security tools, firewall-as-a-service and zero-trust network access. By combining these elements, SASE simplifies network protection and ensures consistent security policy enforcement regardless of where users or applications reside.
Complementing this framework, techniques such as micro-segmentation, which isolates network segments to contain breaches, and encrypted traffic management are becoming standard practices to reduce attack surfaces. Indian enterprises have begun integrating these trends in their network strategies. For instance, HDFC Bank has embraced a zero-trust approach by removing legacy multiprotocol label switching networks across more than 450 branches in favour of cloud-delivered security and identity-based access, a shift that aligns closely with SASE principles. This shows how security considerations are now influencing even fundamental network connectivity decisions.
Alongside these new architectures, telecom security is increasingly enhanced by AI. AI-based cyber defence models enable telecommunications operators to detect and respond to threats far more rapidly than human analysts alone could manage. AI-powered operations platforms continuously learn network behaviour, detect subtle, unusual patterns in real time and trigger automated responses to reroute traffic, isolate faults or fix issues without human intervention. Indian operators leverage predictive analytics to anticipate outages or breaches and adjust capacity or replace equipment in advance.
Government initiatives and policies
The Indian government has taken preventive steps over the past year to strengthen telecom network security through comprehensive policy and regulation. A major development was the Department of Telecommunications (DoT) notifying the Telecommunications (Telecom Cyber Security) Rules in November 2024, which impose robust cybersecurity obligations on telecom operators. Every telecom operator must now maintain a comprehensive cybersecurity policy, conduct regular security audits of their networks and establish 24×7 security operations centres (SOCs). Critically, any cyber incident affecting telecom networks must be reported to the government within six hours of detection, with a detailed impact report filed within 24 hours.
This rapid reporting mandate aligns with national incident-response protocols and ensures faster government-industry collaboration in containing breaches. The rules also require telecom firms to provide traffic data (excluding content) and to establish infrastructure for monitoring as needed to safeguard networks. Overall, the Telecom Cyber Security Rules, 2024 represent a comprehensive effort to harden India’s telecom ecosystem, though they acknowledge that smaller operators may need support to meet the stringent requirements.
Beyond cybersecurity rules, India has included network security in its broader telecom policy framework. The new Telecom Act, 2023 explicitly establishes network security as a core focus, enabling the above rules and modernising legal powers for cyber enforcement. This legislative foundation provides the necessary legal architecture for comprehensive security measures across the telecommunications sector.
The government has also pushed for secure network infrastructure through strict technical standards. All telecom equipment must undergo testing and certification under the Mandatory Testing and Certification of Telecom Equipment scheme before deployment. In August 2025, DoT slashed security testing fees by up to 95 per cent under a new communication security certification. Key products, ranging from routers and SIM cards to 5G core network elements, are subject to mandatory testing through DoT’s National Centre for Communication Security-approved laboratories. By making certification more affordable, the government aims to ensure that even smaller equipment vendors can implement robust security features.
Similarly, the Telecom Regulatory Authority of India (TRAI) has issued orders to curb network abuse such as spam and fraud, which indirectly strengthens security. From late 2024, TRAI mandated that all commercial SMSs include verified sender IDs and tracking codes, and ordered telecommunications operators to disconnect repeat offenders sending malicious or unsolicited messages. This regulatory push has prompted operators to deploy new AI-based spam filters, thereby improving security and trust in communication networks. Additionally, in October 2025, TRAI approved DoT’s Calling Name Presentation framework, which will display the registered name of callers directly on users’ mobile phones. This initiative, confirmed by both TRAI and DoT, aims to make phone communications more transparent and secure for all subscribers.
Telco and industry perspectives
For Indian telcos, securing networks has increasingly become synonymous with fighting digital fraud at scale. Bharti Airtel, Reliance Jio and Vodafone Idea Limited (Vi) are all enhancing their networks so that fraud detection, spam control and identity assurance are handled within the network fabric itself rather than being left to end-user applications.
Airtel has taken the most aggressive approach in this regard. Its network-based AI spam and fraud detection solution, deployed at scale, now evaluates hundreds of parameters per call or message and runs deep-learning models on trillions of records in real time to flag suspicious behaviour. In April and May 2025, Airtel extended this capability with a fraud detection solution that inspects links across email, SMS and over-the-top applications, blocking malicious websites in real time for both mobile and broadband subscribers. By September 2025, the telco reported that these initiatives had flagged tens of billions of spam calls and links, and reduced customers’ financial losses from cybercrime by nearly 70 per cent.
Vi has followed a similar path, with particular emphasis on building an AI-driven cyber defence stack. Vi’s network-level spam filters have been operational since late 2024 and had already flagged more than 450 million spam SMSs by mid-2025. At the India Mobile Congress 2025, the operator launched “Vi Protect”, an AI-powered safety suite that combines a voice spam detection system, which scores and blocks fraudulent calls in real time, with a cyber defence and incident response system that links measurement data from across the network to detect threats and automate a structured response.
Jio has placed more visible emphasis on customer awareness and incremental network features rather than a single flagship security product. The operator began 2025 by issuing specific advisories on premium-rate missed call scams, warning users not to return suspicious international calls and urging them to verify any outreach only via official Jio channels. In parallel, Jio has begun rolling out an in built spam call alert feature that labels likely spam on incoming calls, bringing a native network-side alternative to app-based caller ID and spam filtering.
Collectively, the three operators are also attempting to move security “up the stack” through GSMA Open Gateway. In October 2025, Airtel, Jio and Vi announced that they had already launched a shared SIM swap application programming interface (API) and planned to roll out a number verification API by the end of 2025. These CAMARA-based APIs allow banks and online platforms to verify whether a SIM has been recently swapped or whether a phone number genuinely belongs to a user, providing a more secure alternative to traditional SMS one-time passwords and helping to prevent account theft.
Challenges and outlook
Despite significant progress, securing networks remains a constant race against evolving threats and complexities. One major challenge is the ever-expanding threat landscape, with cyber adversaries growing more sophisticated by leveraging AI and multi-method attack strategies to find gaps in network defences. Additionally, the rapid growth of remote work and cloud services means that vulnerability points have expanded considerably, with more entry points, such as home offices, personal devices and third-party cloud applications, for attackers to probe.
This leads to the second significant challenge: complexity in security management. Organisations now juggle a patchwork of point security tools across on-premises data centres, multiple clouds and edge environments. Maintaining consistent policies and visibility in such a mixed environment is difficult, and gaps between isolated tools can become opportunities for threats. Enterprises often find it challenging to integrate new security solutions with legacy systems, and a shortage of skilled cybersecurity personnel amplifies the problem.
Looking ahead, the outlook for network security is one of cautious optimism mixed with urgency. On the positive side, awareness of network security’s importance has never been higher, driving unprecedented investment and innovation in this field. The convergence of networking and security in frameworks such as SASE is expected to continue, resulting in more unified platforms that reduce complexity and improve protection. Zero trust is likely to become the default mode for network access in both the government and private sectors, ensuring that verification is continuous and implicit trust is eliminated for all devices and users.
AI and machine learning will further mature as integral components of network defence, not only for monitoring but also for automating response tasks and predicting emerging threats. At the same time, emerging technologies on the horizon will demand attention. For instance, the advent of quantum computing threatens to upend current encryption methods; forward-looking organisations have started exploring quantum-resistant encryption algorithms to secure future networks. Similarly, the rise of satellite-based networking and 5G/6G wireless will open new frontiers that require novel security approaches to handle unique risks, from satellite signal blocking to telecom edge computing vulnerabilities. Industry players, telecommunications operators and governments will need to continue working in concert, sharing threat intelligence and best practices, to bolster the collective defence. s
Shashwat Singh
